An average Internet user or consumer faces an enormous challenge with conducting their affairs over the Internet. Every time a purchase is made for a good or service over the Internet an account is needed to complete that transaction. These accounts are hosted on systems managed by businesses. These businesses largely generate revenue and profit from selling goods and services and not from managing systems associated with a consumer's account. Consequently, it should come as no surprise that confidential consumer information is now literally and electronically all over the planet. Seldom do consumers question the competency or integrity of the businesses with which they electronically transact.
Also, new challenges are being presented every day on the Internet, which compound the problems. For example, consider scams related to phishers and pharmers, fake World-Wide Web (WWW) sites, bogus sites, deals to good to be true included within electronic mail (email) messages, and the like; all of which is an attempt to scam the consumer out of information that allows ready access to the consumer's funds and good name. These problems stem from the fact that the Internet consumer is unable to determine who they are in fact communicating with.
On the flip side of the matter, businesses face equal challenges if not more daunting issues. To effectively compete, businesses often have to provide services to employees, to provide information to both internal and external facing audiences, and to foster innovation among teams that are spread over the entire planet. Consequently, enterprise information is a target for attack of nefarious individuals. Essentially, businesses are faced with a challenge of, “who are we really communicating with over the Internet?”
An accepted business solution is authentication. But, this is one-sided in that the consumer often authenticates to the business but the business does not authenticate to the consumer. So, how does the consumer know that the purported businesses asking for authentication are not in fact phishers or pharmers? Likewise, legitimate businesses issue credentials to users and expect all those users to be responsible and not to expose these credentials over the Internet. Yet, how does a user truly know his/her access attempts are not being intercepted and compromised?
Accordingly, improved techniques for identity creation, maintenance, and use are desirable.